Package: ecryptfs-utils
Version: 111-4
Severity: important

I have set up the standard home ~/Private directory. It looks like it is 
confused about which key to use.

For the last few months or so, I get this (key IDs changed but consistent
in report):

$ ecryptfs-mount-private 
Enter your login passphrase:
Inserted auth tok with sig [aaaaaaaaaaaaaaaa] into the user session keyring
mount: No such file or directory

The kernel reports:
Jul 30 07:43:31 elmo kernel: [225198.624579] Could not find key with 
description: [bbbbbbbbbbbbbbbb]

And plenty of other messages, all about the second key with ID bbbbbbbbbbbbbbbb

These are the two keys:
$   keyctl list @u
2 keys in keyring:
270246897: --alswrv  1000  1000 user: bbbbbbbbbbbbbbbb
996876983: --alswrv  1000  1000 user: aaaaaaaaaaaaaaaa

The work-around is given below.
Note that I overrode the fnek signature on the command line.

$ ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase
Passphrase: (enter your usual passphrase)
PPPPPPPPPPPPPPPP
(write down this unwrapped passphrase)

$ sudo ecryptfs-add-passphrase --fnek 
Passphrase: (enter the PPPPPPPPPPPPPPPP)
Inserted auth tok with sig [aaaaaaaaaaaaaaaa] into the user session keyring
Inserted auth tok with sig [bbbbbbbbbbbbbbbb] into the user session keyring

$ sudo mount -t ecryptfs /home/username/.Private/ /home/username/Private/
Select key type to use for newly created files: 
 1) passphrase
 2) tspi
Selection: 1
Passphrase: 
Select cipher: 
 1) aes: blocksize = 16; min keysize = 16; max keysize = 32
 2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
 4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
 5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
 6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]: 1
Select key bytes: 
 1) 16
 2) 32
 3) 24
Selection [16]: 1
Enable plaintext passthrough (y/n) [n]: 
Enable filename encryption (y/n) [n]: y
Filename Encryption Key (FNEK) Signature [aaaaaaaaaaaaaaaa]: bbbbbbbbbbbbbbbb 
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_fnek_sig=bbbbbbbbbbbbbbbb 
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=aaaaaaaaaaaaaaaa
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt], it looks 
like you have never mounted with this key before. This could mean that you have 
typed your passphrase wrong.
Would you like to proceed with the mount (yes/no)? : yes
Would you like to append sig [aaaaaaaaaaaaaaaa] to 
[/root/.ecryptfs/sig-cache.txt] 
in order to avoid this warning in the future (yes/no)? : no
Not adding sig to user sig cache file; continuing with mount.
Mounted eCryptfs

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ecryptfs-utils depends on:
ii  gettext-base    0.19.8.1-2+b1
ii  keyutils        1.5.9-9
ii  libassuan0      2.4.3-2
ii  libc6           2.24-12
ii  libecryptfs1    111-4
ii  libgpg-error0   1.27-3
ii  libgpgme11      1.8.0-3+b3
ii  libkeyutils1    1.5.9-9
ii  libpam-runtime  1.1.8-3.6
ii  libpam0g        1.1.8-3.6
ii  libtspi1        0.3.14+fixed1-1

ecryptfs-utils recommends no packages.

Versions of packages ecryptfs-utils suggests:
pn  cryptsetup  <none>

-- no debconf information
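
A diagnostic for the symptom reported above, as an added example that is not part of the original report or of ecryptfs-utils: it lists the key signatures the kernel reported as missing that do not appear in a `keyctl list @u` listing. The sample log and keyring text are constructed from the placeholder IDs in the report, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the signatures named in the kernel's
# "Could not find key" messages with the keys in a keyring listing.

# Constructed sample input using the report's placeholder IDs.
# The kernel lines are shown unwrapped, one message per line.
SAMPLE_KLOG='Jul 30 07:43:31 elmo kernel: [225198.624579] Could not find key with description: [bbbbbbbbbbbbbbbb]
Jul 30 07:43:31 elmo kernel: [225198.624581] Could not find key with description: [bbbbbbbbbbbbbbbb]'
SAMPLE_KEYRING='1 key in keyring:
996876983: --alswrv  1000  1000 user: aaaaaaaaaaaaaaaa'

# Read kernel log text on stdin; print each distinct signature the
# kernel failed to find (16 hex characters in square brackets).
wanted_sigs() {
    sed -n 's/.*Could not find key with description: \[\([0-9a-f]\{16\}\)\].*/\1/p' | sort -u
}

# Read `keyctl list` output on stdin; print the description of each
# "user" key that looks like a 16-hex-character signature.
keyring_sigs() {
    sed -n 's/^ *[0-9][0-9]*: .* user: \([0-9a-f]\{16\}\)$/\1/p' | sort -u
}

# missing_sigs KLOG_TEXT KEYRING_TEXT
# Print signatures the kernel asked for that are not in the keyring.
missing_sigs() {
    have=$(printf '%s\n' "$2" | keyring_sigs)
    printf '%s\n' "$1" | wanted_sigs | while read -r sig; do
        printf '%s\n' "$have" | grep -qxF "$sig" || printf '%s\n' "$sig"
    done
}

# Run on the constructed sample; on a live system pass the real text,
# e.g. missing_sigs "$(dmesg)" "$(keyctl list @u)".
missing_sigs "$SAMPLE_KLOG" "$SAMPLE_KEYRING"
```

An empty result means every signature the kernel asked for is already loaded in the listed keyring.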
